SUSE-FU-2023:3696-1
- Source
- https://www.suse.com/support/update/announcement/2023/suse-fu-20233696-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-FU-2023:3696-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-FU-2023:3696-1
- Related
- Published
- 2023-09-20T07:56:44Z
- Modified
- 2023-09-20T07:56:44Z
- Summary
- Feature update for LibreOffice
- Details
-
This update for LibreOffice fixes the following issues:
libreoffice:
- Version update from 7.3.6.2 to 7.5.4.1 (jsc#PED-3561, jsc#PED-3550, jsc#PED-1785):
- For the highlights of changes of version 7.5 please consult the official release notes: https://wiki.documentfoundation.org/ReleaseNotes/7.5
- For the highlights of changes of version 7.4 please consult the official release notes: https://wiki.documentfoundation.org/ReleaseNotes/7.4
- Security issues fixed:
- CVE-2023-0950: Fixed stack underflow in ScInterpreter (bsc#1209242)
- CVE-2023-2255: Fixed vulnerability where remote documents could be loaded without prompt via IFrame (bsc#1211746)
- Bug fixes:
- Fix PPTX shadow effect for table offset (bsc#1204040)
- Fix ability to set the default tab size for each text object (bsc#1198666)
- Fix PPTX extra vertical space between different text formats (bsc#1200085)
- Do not use binutils-gold as the package is unmaintainedd and will be removed in the future (bsc#1210687)
- Updated bundled dependencies:
- boost version update from 1770 to 1800
- curl version update from 7.83.1 to 8.0.1
- icu4c-data version update from 701 to 721
- icu4c version update from 701 to 721
- pdfium version update from 4699 to 5408
- poppler version update from 21.11.0 to 22.12.0
- poppler-data version update from 0.4.10 to 0.4.11
- skia version from m97-a7230803d64ae9d44f4e128244480111a3ae967 to m103-b301ff025004c9cd82816c86c547588e6c24b466
- New build dependencies:
- fixmath-devel
- libwebp-devel
- zlib-devel
- dragonbox-devel
- at-spi2-core-devel
- libtiff-devel
dragonbox:
- New package at version 1.1.3 (jsc#PED-1785)
- New dependency for LibreOffice 7.4
fixmath:
- New package at version 2022.07.20 (jsc#PED-1785)
- New dependency for LibreOffice 7.4
libmwaw:
- Version update from 0.3.20 to 0.3.21 (jsc#PED-1785):
- Add debug code to read some private rsrc data
- Allow to read some MacWrite which does not have printer informations
- Add a parser for Scoop files
- Add a parser for ScriptWriter files
- Add a parser for ReadySetGo 1-4 files
xmlsec1:
- Version update from 1.2.28 to 1.2.37 required by LibreOffice 7.5.2.2 (jsc#PED-3561, jsc#PED-3550):
- Retired the XMLSec mailing list 'xmlsec@aleksey.com' and the XMLSec Online Signature Verifier.
- Migration to OpenSSL 3.0 API Note that OpenSSL engines are disabled by default when XMLSec library is compiled
against OpenSSL 3.0.
To re-enable OpenSSL engines, use
--enable-openssl3-enginesconfigure flag (there will be a lot of deprecation warnings). - The OpenSSL before 1.1.0 and LibreSSL before 2.7.0 are now deprecated and will be removed in the future versions of XMLSec Library.
- Refactored all the integer casts to ensure cast-safety. Fixed all warnings and enabled
-Werrorand-pedanticflags on CI builds. - Added configure flag to use sizet for xmlSecSize (currently disabled by default for backward compatibility).
- Support for OpenSSL compiled with OPENSSLNOERR.
- Full support for LibreSSL 3.5.0 and above
- Several other small fixes
- Fix decrypting session key for two recipients
- Added
--privkey-openssl-engineoption to enhance openssl engine support - Remove MD5 for NSS 3.59 and above
- Fix PKCS12parse return code handling
- Fix OpenSSL lookup
- xmlSecX509DataGetNodeContent(): don't return 0 for non-empty elements - fix for LibreOffice
- Unload error strings in OpenSSL shutdown.
- Make userData available when executing preExecCallback function
- Add an option to use secure memset.
- Enabled XMLPARSEHUGE for all xml parsers.
- Various build and tests fixes and improvements.
- Move remaining private header files away from xmlsec/include/`` folder
- Other packaging changes:
- Relax the crypto policies for the test-suite. It allows the tests using certificates with small key lengths to pass.
- Pass
--disable-md5to configure: The cryptographic strength of the MD5 algorithm is sufficiently doubtful that its use is discouraged at this time. It is not listed as an algorithm in [XMLDSIG-CORE1] https://www.w3.org/TR/xmlsec-algorithms/#bib-XMLDSIG-CORE1
- Version update from 7.3.6.2 to 7.5.4.1 (jsc#PED-3561, jsc#PED-3550, jsc#PED-1785):
- References
-
- https://www.suse.com/support/update/announcement/-2023-3696/suse-fu-20233696-1/
- https://bugzilla.suse.com/1198666
- https://bugzilla.suse.com/1200085
- https://bugzilla.suse.com/1204040
- https://bugzilla.suse.com/1209242
- https://bugzilla.suse.com/1210687
- https://bugzilla.suse.com/1211746
- https://www.suse.com/security/cve/CVE-2023-0950
- https://www.suse.com/security/cve/CVE-2023-2255
Affected packages
SUSE:Linux Enterprise Server for SAP Applications 12 SP4 / atk
Package
- Name
- atk
- Purl
- pkg:rpm/suse/atk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.28.1-6.5.23
Ecosystem specific
{
"binaries": [
{
"libatk-1_0-0-32bit": "2.28.1-6.5.23",
"libatk-1_0-0": "2.28.1-6.5.23",
"typelib-1_0-Atk-1_0": "2.28.1-6.5.23",
"atk-doc": "2.28.1-6.5.23",
"libxmlsec1-gcrypt1": "1.2.37-8.6.21",
"libxmlsec1-gnutls1": "1.2.37-8.6.21",
"libxmlsec1-1": "1.2.37-8.6.21",
"atk-lang": "2.28.1-6.5.23",
"xmlsec1": "1.2.37-8.6.21",
"libxmlsec1-openssl1": "1.2.37-8.6.21",
"libxmlsec1-nss1": "1.2.37-8.6.21"
}
]
}
SUSE:Linux Enterprise Server for SAP Applications 12 SP4 / xmlsec1
Package
- Name
- xmlsec1
- Purl
- pkg:rpm/suse/xmlsec1&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.2.37-8.6.21
Ecosystem specific
{
"binaries": [
{
"libatk-1_0-0-32bit": "2.28.1-6.5.23",
"libatk-1_0-0": "2.28.1-6.5.23",
"typelib-1_0-Atk-1_0": "2.28.1-6.5.23",
"atk-doc": "2.28.1-6.5.23",
"libxmlsec1-gcrypt1": "1.2.37-8.6.21",
"libxmlsec1-gnutls1": "1.2.37-8.6.21",
"libxmlsec1-1": "1.2.37-8.6.21",
"atk-lang": "2.28.1-6.5.23",
"xmlsec1": "1.2.37-8.6.21",
"libxmlsec1-openssl1": "1.2.37-8.6.21",
"libxmlsec1-nss1": "1.2.37-8.6.21"
}
]
}
SUSE:Linux Enterprise Server 12 SP2-BCL / atk
Package
- Name
- atk
- Purl
- pkg:rpm/suse/atk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL
SUSE:Linux Enterprise Server 12 SP4-ESPOS / atk
Package
- Name
- atk
- Purl
- pkg:rpm/suse/atk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-ESPOS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.28.1-6.5.23
Ecosystem specific
{
"binaries": [
{
"libatk-1_0-0-32bit": "2.28.1-6.5.23",
"libatk-1_0-0": "2.28.1-6.5.23",
"typelib-1_0-Atk-1_0": "2.28.1-6.5.23",
"atk-doc": "2.28.1-6.5.23",
"libxmlsec1-gcrypt1": "1.2.37-8.6.21",
"libxmlsec1-gnutls1": "1.2.37-8.6.21",
"libxmlsec1-1": "1.2.37-8.6.21",
"atk-lang": "2.28.1-6.5.23",
"xmlsec1": "1.2.37-8.6.21",
"libxmlsec1-openssl1": "1.2.37-8.6.21",
"libxmlsec1-nss1": "1.2.37-8.6.21"
}
]
}
SUSE:Linux Enterprise Server 12 SP4-ESPOS / xmlsec1
Package
- Name
- xmlsec1
- Purl
- pkg:rpm/suse/xmlsec1&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-ESPOS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.2.37-8.6.21
Ecosystem specific
{
"binaries": [
{
"libatk-1_0-0-32bit": "2.28.1-6.5.23",
"libatk-1_0-0": "2.28.1-6.5.23",
"typelib-1_0-Atk-1_0": "2.28.1-6.5.23",
"atk-doc": "2.28.1-6.5.23",
"libxmlsec1-gcrypt1": "1.2.37-8.6.21",
"libxmlsec1-gnutls1": "1.2.37-8.6.21",
"libxmlsec1-1": "1.2.37-8.6.21",
"atk-lang": "2.28.1-6.5.23",
"xmlsec1": "1.2.37-8.6.21",
"libxmlsec1-openssl1": "1.2.37-8.6.21",
"libxmlsec1-nss1": "1.2.37-8.6.21"
}
]
}
SUSE:Linux Enterprise Server 12 SP4-LTSS / atk
Package
- Name
- atk
- Purl
- pkg:rpm/suse/atk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.28.1-6.5.23
Ecosystem specific
{
"binaries": [
{
"libatk-1_0-0-32bit": "2.28.1-6.5.23",
"libatk-1_0-0": "2.28.1-6.5.23",
"typelib-1_0-Atk-1_0": "2.28.1-6.5.23",
"atk-doc": "2.28.1-6.5.23",
"libxmlsec1-gcrypt1": "1.2.37-8.6.21",
"libxmlsec1-gnutls1": "1.2.37-8.6.21",
"libxmlsec1-1": "1.2.37-8.6.21",
"atk-lang": "2.28.1-6.5.23",
"xmlsec1": "1.2.37-8.6.21",
"libxmlsec1-openssl1": "1.2.37-8.6.21",
"libxmlsec1-nss1": "1.2.37-8.6.21"
}
]
}
SUSE:Linux Enterprise Server 12 SP4-LTSS / xmlsec1
Package
- Name
- xmlsec1
- Purl
- pkg:rpm/suse/xmlsec1&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.2.37-8.6.21
Ecosystem specific
{
"binaries": [
{
"libatk-1_0-0-32bit": "2.28.1-6.5.23",
"libatk-1_0-0": "2.28.1-6.5.23",
"typelib-1_0-Atk-1_0": "2.28.1-6.5.23",
"atk-doc": "2.28.1-6.5.23",
"libxmlsec1-gcrypt1": "1.2.37-8.6.21",
"libxmlsec1-gnutls1": "1.2.37-8.6.21",
"libxmlsec1-1": "1.2.37-8.6.21",
"atk-lang": "2.28.1-6.5.23",
"xmlsec1": "1.2.37-8.6.21",
"libxmlsec1-openssl1": "1.2.37-8.6.21",
"libxmlsec1-nss1": "1.2.37-8.6.21"
}
]
}